Homeland Security Officials Strategize To Thwart Cyberattacks
RACHEL MARTIN, HOST:
Russian hackers have penetrated electric utilities across the U.S. This is according to the Department of Homeland Security. So elections, power grids - what's next? How vulnerable is the United States to cyberattacks, and what's at stake? We're going to ask Christopher Krebs this question. He is the top cybersecurity official at the Department of Homeland Security. He's in New York for a DHS conference on this very topic today. Mr. Krebs, thanks for being here.
CHRISTOPHER KREBS: Hey, thanks for having me. Good morning.
MARTIN: Do you believe the federal government has a grip on the cyber threat particularly from Russia?
KREBS: I certainly think that we're working with industry and the private sector to - a little bit better than we used to, that's for sure. That's the point of what we're doing up in New York today hosting the DHS National Cybersecurity Summit. We've got a number of CEOs and other senior executives across the industry, along with senior officials from the FBI, NSA, DHS and Department of Energy, coming together and say, hey, how can we tackle this problem together? This is truly one of those issues where, united, we stand, divided, we fall.
MARTIN: So, I mean, the DHS said last week, made this kind of startling announcement, that hackers had infiltrated hundreds of control rooms in power utilities. How can that happen?
KREBS: So, you know, as everybody looks at the Internet, we are seeing increasing connection for efficiencies, for management. But the problem is the more you connect, the more you raise your risk profile. So when we think about control systems, there are some - certainly some use cases where you would want to have something connect to the Internet so you could remote update. What we actually saw in that incident that we talked about, that ongoing Russian campaign, it wasn't that there were dozens or hundreds, even, of control system. There's actually just one or two that they actually successfully accessed. And it was not a baseload generation asset.
But nonetheless, it is worrisome, and we need industry and government to work together to identify the risks, identify the threat and work together on how to mitigate that. And really what I mean is just stop it from happening going forward. And if it does happen, how do we limit the consequences in the event that there is - that something does happen?
MARTIN: Right. But it is troubling that you don't have the answers to those very important questions at this point. I want to switch gears and talk about the election. Three months out from midterms, the director of National Intelligence, Dan Coats, says, hey, the warning lights are blinking right now, everyone. And we saw hackers - Russian hackers already tried to disrupt the campaign of Senator Claire McCaskill. Can we assume that this vote is going to be free and fair?
KREBS: That's certainly what we're shooting for. Look; we learned a lot from 2016 and what the Russian actors did to try to interfere with our election. And we're assuming as if they're going to come back in 2018 and 2020 beyond that. We are working with every single state, all 50 states, a number of the biggest counties out there, and DHS is providing them with information, strategic threat intelligence but also technical assistance, helping them understand where the risk is in their system and giving them the tools to increase the security of those systems. We've got - we've got about $380 million from the Congress to do some patching and to do some cybersecurity investments. So we are aiming for a resilient election. I think we've made a lot of progress since 2016. But this is not a sprint. This is a marathon that we're going to keep working at it every single day.
MARTIN: Christopher Krebs, under secretary for cybersecurity at the Department of Homeland Security, thanks so much for your time this morning. We appreciate it.
KREBS: Thank you. Have a good day.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.